Educause Security Discussion mailing list archives

Re: Log management

From: Jason Richardson <JasonR () GWM SC EDU>
Date: Thu, 1 Feb 2007 11:36:59 -0500

I am surprised not to see LogLogic on your list (although it does appear
on Greg's list) as they seem to be at least one of the vendors of choice
for orgs like SANS.  We're going to be going through this process soon
so we would be very interested in whatever data you have when it is
available.

Thanks,

Jason Richardson
Information Security Manager
University of South Carolina
University Technology Services
jasrich () sc edu
803-777-0392

mclaugkl () UCMAIL UC EDU 01/31 8:34 AM >>>

Hi Charlie:
If you aren't in a hurry touch back with me in a month or so and I
should have some good data to share with you. We have an RFI for a
solution out now and the following is a list of just a few of the
vendors who have stated they are responding:

IBM/ISS
CISCO
Secure State
Fusion
CA
HP
Cambia
Tripwire
and a handful of local vendors

If anyone else wants a summary of what we find out just let me know and
I'll send it your way.

-Kevin


________________________________

From: Charles L. Bombard [mailto:BombardC () CCV EDU]
Sent: Wed 1/31/2007 8:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Log management



Hey everyone,

        What would you all recommend for central log management? We
are
currently looking at GFI eventmanager. The ideal solution will combine
the monitoring of both windows and linux logs, and have the ability to
generate alerts based on our settings.

        Recommendations of things to look at as well as things to
avoid
is appreciated.

-Charlie

==========================================

Charles Bombard, GSEC
LAN/Systems Administrator
Community College of Vermont
119 Pearl Street
Burlington, VT 05401
802.657.4234
bombardc () ccv edu

PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated
recipient only and may contain privileged, confidential, or otherwise
private information. If you have received it in error, please notify
the
sender immediately and delete the original. Any other use of an email
received in error is prohibited.

Current thread:

Re: Log management, (continued)
- Re: Log management John Bullock (Jan 31)
- Re: Log management Jeff Giacobbe (Jan 31)
- Re: Log management Alex Campoe (Jan 31)
- Re: Log management Charles L. Bombard (Jan 31)
- Re: Log management Chris Green (Jan 31)
- Re: Log management Isaac Straley (Jan 31)
- Re: Log management Isaac Straley (Jan 31)
- Re: Log management Isaac Straley (Jan 31)
- Re: Log management Nick Lewis (Jan 31)
- Re: Log management Greg Vickers (Jan 31)
- Re: Log management Jason Richardson (Feb 01)
- Re: Log management John Ladwig (Feb 01)
- Re: Log management Wes Young (Feb 01)
- Re: Log management Mark Bauer (Feb 01)
- Re: Log management Kees Leune (Feb 20)